AMP Console - Vulnerable Programs feature

kaustubhmhatre · ‎05-22-2015

Hello,

I had a question about the new Vulnerable Programs feature which gives an extremely useful view of all the vulnerable applications on endpoints including the number of computers on which the applications are installed along with the CVSS Score.

This is extremely important information, but unfortunately I don't see any way to export this information into a CSV for reporting/tracking. Is there a way to do this?

Regards,

Kaustubh

adhogan · ‎05-22-2015

Kaustubh,

Do you have a Defense Center (FireSight Management)? If so, all of the vulnerability data will show up there if it has been linked with your AMP account. The reporting features in the Defense Center make it very easy to export that data. Unfortunately there isn't yet a way to do this from the AMP console.

kaustubhmhatre · ‎05-22-2015

Thanks, but the vulnerabilities data in defense center is not the exact same data. It lists down the vulnerabilities based on the information it sees in the packet (e.g OS version etc.) and correlates with its vulnerability DB to list the vulnerabilities associated with the IP/host.

Or am I missing something, is there a way to view the same information as I see it in the AMP console?

Regards,

Kaustubh

adhogan · ‎05-22-2015

That's different.

Go to Analysis > Files > Malware Event and then go to the Table View. There will be alerts here for when a vulnerable application is detected by AMP on an endpoint. You can sort/search based on Event Type to find these, though the exact syntax escapes me at the moment.